Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.9 2013-02-21T23:15:58Z 2013-02-21T23:15:58Z Eric Dumazet edumazet@google.com 2013-02-21T12:18:52Z urn:sha1:08dcdbf6a7b9d14c2302c5bd0c5390ddf122f664 It looks like its possible to open thousands of TCP IPv6 sessions on a server, all landing in a single slot of TCP hash table. Incoming packets have to lookup sockets in a very long list. We should hash all bits from foreign IPv6 addresses, using a salt and hash mix, not a simple XOR. inet6_ehashfn() can also separately use the ports, instead of xoring them. Reported-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-31T03:41:13Z YOSHIFUJI Hideaki / 吉藤英明 yoshfuji@linux-ipv6.org 2013-01-30T09:27:52Z urn:sha1:18367681a10bd29c3f2305e6b7b984de5b33d548 Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-31T03:41:13Z YOSHIFUJI Hideaki / 吉藤英明 yoshfuji@linux-ipv6.org 2013-01-30T09:27:47Z urn:sha1:d3aedd5ebd4b0b925b0bcda548066803e1318499 Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-29T18:36:24Z Jesper Dangaard Brouer brouer@redhat.com 2013-01-28T23:45:12Z urn:sha1:d433673e5f9180e05a770c4b2ab18c08ad51cc21 This change is primarily a preparation to ease the extension of memory limit tracking. The change does reduce the number atomic operation, during freeing of a frag queue. This does introduce a some performance improvement, as these atomic operations are at the core of the performance problems seen on NUMA systems. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-21T18:33:15Z YOSHIFUJI Hideaki / 吉藤英明 yoshfuji@linux-ipv6.org 2013-01-21T06:48:19Z urn:sha1:2576f17dfad402e2446244238ed22dddf35c2e53 - move ip6_nd_hdr() to its users' source files. In net/ipv6/mcast.c, it will be called ip6_mc_hdr(). - make return type to void since this function never fails. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-17T19:29:58Z Fabio Baltieri fabio.baltieri@linaro.org 2013-01-16T21:30:17Z urn:sha1:512613d7dde7b679597485e9335bd64e90df78fa Fix the 64bit optimized version of ipv6_prefix_equal to convert the bitmask to network byte order only after the bit-shift. The bug was introduced in: 3867517 ipv6: 64bit version of ipv6_prefix_equal(). Signed-off-by: Fabio Baltieri <fabio.baltieri@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-17T19:29:53Z Jesper Dangaard Brouer brouer@redhat.com 2013-01-15T07:16:35Z urn:sha1:c2a936600f78aea00d3312ea4b66a79a4619f9b4 Increase the amount of memory usage limits for incomplete IP fragments. Arguing for new thresh high/low values: High threshold = 4 MBytes Low threshold = 3 MBytes The fragmentation memory accounting code, tries to account for the real memory usage, by measuring both the size of frag queue struct (inet_frag_queue (ipv4:ipq/ipv6:frag_queue)) and the SKB's truesize. We want to be able to handle/hold-on-to enough fragments, to ensure good performance, without causing incomplete fragments to hurt scalability, by causing the number of inet_frag_queue to grow too much (resulting longer searches for frag queues). For IPv4, how much memory does the largest frag consume. Maximum size fragment is 64K, which is approx 44 fragments with MTU(1500) sized packets. Sizeof(struct ipq) is 200. A 1500 byte packet results in a truesize of 2944 (not 2048 as I first assumed) (44*2944)+200 = 129736 bytes The current default high thresh of 262144 bytes, is obviously problematic, as only two 64K fragments can fit in the queue at the same time. How many 64K fragment can we fit into 4 MBytes: 4*2^20/((44*2944)+200) = 32.34 fragment in queues An attacker could send a separate/distinct fake fragment packets per queue, causing us to allocate one inet_frag_queue per packet, and thus attacking the hash table and its lists. How many frag queue do we need to store, and given a current hash size of 64, what is the average list length. Using one MTU sized fragment per inet_frag_queue, each consuming (2944+200) 3144 bytes. 4*2^20/(2944+200) = 1334 frag queues -> 21 avg list length An attack could send small fragments, the smallest packet I could send resulted in a truesize of 896 bytes (I'm a little surprised by this). 4*2^20/(896+200) = 3827 frag queues -> 59 avg list length When increasing these number, we also need to followup with improvements, that is going to help scalability. Simply increasing the hash size, is not enough as the current implementation does not have a per hash bucket locking. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-17T03:12:36Z YOSHIFUJI Hideaki yoshfuji@linux-ipv6.org 2013-01-17T03:10:57Z urn:sha1:07f623d3b278abe88508c1c59d7c1089b4a56789 Commit 3e4e4c1f ("ipv6: Introduce ip6_flow_hdr() to fill version, tclass and flowlabel.) uses ntohl(), which should be htonl(). Found by Fengguang Wu <fengguang.wu@intel.com>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-14T18:17:01Z YOSHIFUJI Hideaki / 吉藤英明 yoshfuji@linux-ipv6.org 2013-01-14T07:10:38Z urn:sha1:38675170e4235f859bb85564c33ffa077a1c1ef7 Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2013-01-14T18:17:01Z YOSHIFUJI Hideaki / 吉藤英明 yoshfuji@linux-ipv6.org 2013-01-14T07:10:31Z urn:sha1:2ef973320349cd536b33427aed98512e532d4cc6 ipv6_prefix_equal() just casts its arguments and it is the only user of __ipv6_prefix_equal(). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>